LinuxQuestions.org
Old 11-11-2005, 10:41 AM   #1
w3it
LQ Newbie
 
Registered: Nov 2005
Posts: 4

Rep: Reputation: 0
Question Azureus NAT problem


Hi
I have set Azureus to use port 50505.
I use the Firewall and SELinux of CentOS.
Here is a printout of my iptables status:


Table: filter
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 192.168.1.1 tcp dpt:50505

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:50505
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:50505

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:50505
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:50505
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited


My hardware gateway is currently set with a virtual server to the internal IP address and port number of the Azureus machine.


I've read through lots of posts, the firewall doc and the iptables doc but nothing seems to help.

I did a port scan and 50505 does not show up?

Anyway I've spent about 2 days on this and given up. Any help greatly appreciated.


Thanks

Last edited by w3it; 11-11-2005 at 12:46 PM.
 
Old 11-11-2005, 06:49 PM   #2
Brian1
Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 61
The only reference to open the port should be in the last section. Post your /etc/sysconfig/iptables script.

What are you using to portscan with?

Brian1
 
Old 11-13-2005, 01:51 PM   #3
w3it
LQ Newbie
 
Registered: Nov 2005
Posts: 4

Original Poster
Rep: Reputation: 0
Hi Brian
thanks for your reply and here is the file:


# Generated by iptables-save v1.2.11 on Fri Nov 11 13:20:40 2005
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [98086:66554731]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A OUTPUT -p tcp -m tcp --dport 50505 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 50505 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 50505 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 50505 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Nov 11 13:20:40 2005



Any ideas?

Regards
Ian
 
Old 11-13-2005, 04:56 PM   #4
Brian1
Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 61
This is the way I would configure it. This should work as long as the following exist.
1. Azureus is configured on tcp port 50505
2. If there is a firewall router between the computer and the internet, then the WAN TCP port 50505 needs to be forwarded to the internal LAN machine running Azureus. This works best when the LAN machine uses a static IP versus getting one from the router's DHCP pool.
That should be all that is needed since there is no blocking of outbound connections, so no outbound line is needed.

# Generated by iptables-save v1.2.11 on Fri Nov 11 13:20:40 2005
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-crypt -j ACCEPT
-A RH-Firewall-1-INPUT -p ipv6-auth -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 50505 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Hope this helps. Any questions please ask away.
Brian1
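
Added example, not part of any post in this thread: a small first-match evaluator for iptables-save rules, run over a subset of the ruleset from post #4, to confirm which new inbound connections reach an ACCEPT before the final REJECT. The `check` helper, the `eth0` interface name and the sample packets are assumptions made for the illustration, and the parser only handles options that take exactly one value.

```python
import shlex

# Rules copied from the ruleset in post #4 (icmp/ipsec/mdns/ipp lines left out).
RULES = """\
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 50505 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""

def parse(text):
    """Return (policies, chains); assumes every option takes one value."""
    policies, chains = {}, {}
    for tok in map(shlex.split, text.splitlines()):
        if tok and tok[0].startswith(":"):
            policies[tok[0][1:]] = tok[1]
            chains.setdefault(tok[0][1:], [])
        elif tok[:1] == ["-A"]:
            chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return policies, chains

FIELDS = {"-p": "proto", "-i": "iface", "-d": "dst", "--dport": "dport"}

def matches(opts, pkt):
    """True when every match option on the rule agrees with the packet."""
    for flag, field in FIELDS.items():
        if flag in opts and opts[flag] != str(pkt.get(field)):
            return False
    return "--state" not in opts or pkt["state"] in opts["--state"].split(",")

def verdict(policies, chains, pkt, chain="INPUT"):
    """First matching rule wins; a user chain that falls through returns None."""
    for opts in chains[chain]:
        if matches(opts, pkt):
            target = opts["-j"]
            result = verdict(policies, chains, pkt, target) if target in chains else target
            if result:
                return result
    policy = policies.get(chain, "-")
    return None if policy == "-" else policy

def check(proto, dport, state="NEW", iface="eth0"):
    """Verdict for one hypothetical inbound packet against RULES."""
    pkt = {"proto": proto, "dport": dport, "state": state, "iface": iface}
    return verdict(*parse(RULES), pkt)
```

With these rules `check("tcp", 50505)` is accepted, while `check("udp", 50505)` falls through to the final REJECT because this version of the ruleset has no UDP rule for that port.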
 
Old 11-14-2005, 05:30 AM   #5
w3it
LQ Newbie
 
Registered: Nov 2005
Posts: 4

Original Poster
Rep: Reputation: 0
No luck I'm afraid. Placed exactly what you have written and checked my hardware gateway, which has the Azureus machine listed as a virtual server with port 50505.

Even if I deactivate the CentOS firewall and SELinux nothing changes. I am getting "blue faces" which according to the documentation indicates a NAT error. If that helps?

Thanks
Ian
 
Old 11-14-2005, 04:38 PM   #6
Brian1
Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 61
Is this the default port for Azureus?
If not, try setting it to the default on both firewall and router.
It might be best to leave the firewall turned off till you can get the router to port forward to the Linux's LAN IP.

Brian1
 
Old 11-14-2005, 05:19 PM   #7
tuxrules
Senior Member
 
Registered: Jun 2004
Location: Chicago
Distribution: Slackware64 14.1
Posts: 1,141

Rep: Reputation: 55
Azureus being a bittorrent in Java...uses the default bittorrent port 6881.
 
Old 11-17-2005, 03:15 AM   #8
w3it
LQ Newbie
 
Registered: Nov 2005
Posts: 4

Original Poster
Rep: Reputation: 0
Hi
thanks for your replies.

It seems some ISPs are wise to BitTorrents and do not like the concept and block the default ports. Users are advised to make their own.

Here is what I have found though. I am running a private LAN 192.168.1.* and did not realise that it is sitting in another private LAN 172.26.0.* which has the gateway link to the Internet. I am trying to find out how to log in to it as this is where I guess I should set the Azureus details.

Thanks
Ian
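
Added example, not part of any post in this thread: a check for the nested-private-LAN situation described in the last post, which counts the private router hops in `traceroute -n` output before the first public address. The traceroute output is constructed (the hop addresses only follow the two LAN ranges named in the post, and the public hops use documentation ranges), and the result is a heuristic, since some ISP routers also answer from private addresses without doing NAT.

```python
import ipaddress
import re

# RFC 1918 private ranges plus the RFC 6598 carrier-grade NAT range.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

# Constructed `traceroute -n` output, not captured from the poster's network.
SAMPLE = """\
traceroute to 198.51.100.7 (198.51.100.7), 30 hops max, 40 byte packets
 1  192.168.1.254  0.612 ms  0.540 ms  0.498 ms
 2  172.26.0.1  1.930 ms  1.811 ms  1.790 ms
 3  * * *
 4  203.0.113.1  9.402 ms  9.377 ms  9.120 ms
 5  198.51.100.7  12.004 ms  11.870 ms  11.910 ms
"""

def hops(text):
    """Yield the responding address of each hop; unanswered hops are skipped."""
    for line in text.splitlines():
        m = re.match(r"\s*\d+\s+(\d+\.\d+\.\d+\.\d+)\s", line)
        if m:
            yield ipaddress.ip_address(m.group(1))

def private_hops(text):
    """Non-public hops seen before the first public one, in path order."""
    found = []
    for addr in hops(text):
        if not any(addr in net for net in NON_PUBLIC):
            break
        found.append(str(addr))
    return found

def needs_upstream_forward(text):
    """More than one private hop: a forward on the first router is not enough."""
    return len(private_hops(text)) > 1

if __name__ == "__main__":
    print(private_hops(SAMPLE), needs_upstream_forward(SAMPLE))
```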
 
  

